app id available in the Castled Settings page in the didFinishLaunchingWithOptions method of the AppDelegate class and call the initialize method.
user-id is the id that you use internally within your organisation to identify a user.
setUserId to mitigate any risk of user impersonation. In the absence of a user-token, no additional verifications will be done to enforce user authenticity. If your user-id is a random id such as a UUID, user-token is probably not required. More info on user-token can be found in the next section.
user-token is a unique token for each user generated by your app server. This token is usually issued by the app server after the user completes the login flow within your app.
user-token is a Base64 encoded Hash-based Message Authentication Code (HMAC). Ensure the hash computation happens in your app server so that api-key is not exposed. You can create an api-key in the Setting > API Keys page within your Castled account. Contact Castled support for help with integration.
Find sample server code snippets to generate HMAC for the user-id.
How do I rotate the Api Key?
Api Key as some config that can be easily changed with minimal or no code change. So when you want to rotate the key, create a new key from the Castled dashboard and update the new key on your server side. Ideally you shouldn't disable the old token immediately, as the new user token is updated only when setUserId() is called. You should allow some grace period before disabling the old Api Key so that all users get the updated user token.
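
An added server-side example (not Castled's sample code) of the user-token generation and Api Key rotation described above: the key is read from config so rotation needs no code change, and a local check shows which tokens remain valid during the grace period. It assumes HMAC-SHA256 over the UTF-8 user-id; the environment variable names and function names are hypothetical.

```python
import base64
import hashlib
import hmac
import os

# Assumption: the page names no digest; SHA-256 is used here. Confirm against
# Castled's own server samples before relying on it.
DIGEST = hashlib.sha256


def load_api_keys(env=os.environ):
    """Read the current key, and optionally the previous one, from config.

    CASTLED_API_KEY and CASTLED_API_KEY_PREVIOUS are hypothetical names.
    """
    current = env.get("CASTLED_API_KEY")
    if not current:
        raise RuntimeError("CASTLED_API_KEY is not configured")
    return current, env.get("CASTLED_API_KEY_PREVIOUS") or None


def make_user_token(user_id: str, api_key: str) -> str:
    """Base64-encoded HMAC of the user-id, keyed with the api-key."""
    if not user_id:
        raise ValueError("user_id must be non-empty")
    mac = hmac.new(api_key.encode("utf-8"), user_id.encode("utf-8"), DIGEST)
    return base64.b64encode(mac.digest()).decode("ascii")


def issue_token_after_login(user_id: str, env=os.environ) -> str:
    """Call only after the login flow succeeds; always signs with the current key."""
    current, _previous = load_api_keys(env)
    return make_user_token(user_id, current)


def token_matches(user_id: str, token: str, api_keys) -> bool:
    """Local illustration of the grace period, not Castled's verifier:
    a token is accepted if it matches any key that is still enabled."""
    presented = token.encode("utf-8")  # bytes, so odd input cannot raise
    return any(
        hmac.compare_digest(make_user_token(user_id, key).encode("ascii"), presented)
        for key in api_keys
        if key
    )
```

Once the previous key is removed from config, tokens signed with it stop matching, which is why the old Api Key should stay enabled until clients have called setUserId() again.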